OSIS-165: cap getCredentials access-denied recovery to a single retry#168
Merged
anurag4DSB merged 1 commit intoJun 29, 2026
Merged
Conversation
|
LGTM — clean fix. The recursive self-call is replaced with a structured try-provision-retry-once pattern. Verified that setupAssumeRole(String, String) is synchronous (only the OsisTenant overload is @async), so the role is set up before the retry. Test correctly pins the call counts. No issues found. |
a7e163a to
c31612f
Compare
|
LGTM — the recursion-to-flat-retry refactor is clean and correct. The Review by Claude Code |
dvasilas
approved these changes
Jun 26, 2026
BourgoisMickael
approved these changes
Jun 26, 2026
c31612f to
2b1f702
Compare
Contributor
Author
|
no code change, just rebase with origin/main |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Intent: why does this change exist?
getCredentials recovers from an access-denied assume-role by provisioning the role and retrying, but it retried by calling itself recursively with no depth limit. A persistently misconfigured Vault role would recurse until the stack overflows.
System impact: what's affected, including downstream?
The assume-role credential path used by all user and S3-credential APIs. Behavior is unchanged on the happy path and on the first recovery; only the unbounded retry is capped.
Preserved behavior: what explicitly stays the same?
On the first access-denied the role is still provisioned via setupAssumeRole and the assume-role is retried; non-access-denied errors still rethrow immediately. Caches, policies, and the order of calls are unchanged.
Intended change: what's different after this PR?
Recovery is capped at a single retry: original attempt, provision once, retry once; if it is still access-denied the VaultServiceException is rethrown instead of recursing. The retry path no longer calls getCredentials, so it cannot loop. A test pins that persistent access-denied throws after exactly one provision and two assume-role attempts.
Verification: how do we know this worked, or how would we know if it didn't?
Ran the full osis-core test module including the JaCoCo gate: green. The new test would fail (or overflow the stack) if the recursion returned.